What Is Privacy Law?

Almost every day, clients and colleagues ask me: “What is privacy law, and why is everyone discussing it right now?” I recently gave a talk to my local bar association on that exact topic, and below is a snippet from that talk.

What Is Privacy Law, and Why Does It Matter?

Privacy law deals with personal data and the use of that data: the regulation, storage, and protection of information about individuals. It is a multidisciplinary field of law, impacting any business that collects information from customers, clients, employees, or other businesses, in any form. For example, privacy law impacts a small café that takes payment card information. It also impacts the café when it collects information to process an employee’s paycheck. On a much larger scale, a company like Amazon is impacted by privacy laws regulating what a business can collect from consumers via its website, how it must protect such information (generally from an IT perspective), and to whom it must report when such information is breached (think the recent Target data breach).

The Health Information Privacy Accountability Act (HIPAA), which deals with medical privacy, is a classic privacy law, as are laws that specify what information a company can collect online, such as the Children’s Online Privacy Protection Act (COPPA). Most laws about marketing are considered privacy law, as they regulate when and how you can use people’s information to contact them (via email, snail mail, and phone). The CAN-SPAM Act (regulating what businesses can do with emails) and Do Not Call laws are classic privacy legislation. In short, any time you are collecting, giving away, or using personal information, you’ve entered the realm of “privacy law.”

Why Does This Matter to Your Business?

Some form of privacy law impacts all businesses, so it’s critical to consider how your business is utilizing personal data and what you need to do to use and protect that data in a way that does not run afoul of privacy laws.

The great benefit of complying with privacy law (in addition to being law-abiding) is that it generates positive PR for your business. If your business is already compliant with privacy laws, let your customers, clients, or employees know that you take care of their information and how. A consumer-facing privacy policy is one way to do so.

If you're interested in reading why privacy law is so hot right now, see part two on my blog next week.